Verifying X.509 Certificates on Smart Cards

This paper presents a smart-card applet that verifies X.509 certificates and uses the public key contained in the certificate to verify digital signatures created with the corresponding private key, e.g. to authenticate the certificate owner to the card. The approach has been implemented as a working prototype on Java cards.



